/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* kdc/cammac.c - Functions for wrapping and unwrapping CAMMACs */ /* * Copyright (C) 2015 by the Massachusetts Institute of Technology. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "k5-int.h" #include "kdc_util.h" /* Encode enc_tkt with contents as the authdata field, for use in KDC * verifier checksums. */ static krb5_error_code encode_kdcver_encpart(krb5_enc_tkt_part *enc_tkt, krb5_authdata **contents, krb5_data **der_out) { krb5_enc_tkt_part ck_enctkt; ck_enctkt = *enc_tkt; ck_enctkt.authorization_data = contents; return encode_krb5_enc_tkt_part(&ck_enctkt, der_out); } /* * Create a CAMMAC for contents, using enc_tkt and tgt_key for the KDC * verifier. tgt_key must be the decrypted first key data entry in tgt. Set * *cammac_out to a single-element authdata list containing the CAMMAC inside * an IF-RELEVANT container. */ krb5_error_code cammac_create(krb5_context context, krb5_enc_tkt_part *enc_tkt, krb5_keyblock *server_key, krb5_db_entry *tgt, krb5_keyblock *tgt_key, krb5_authdata **contents, krb5_authdata ***cammac_out) { krb5_error_code ret; krb5_data *der_authdata = NULL, *der_enctkt = NULL, *der_cammac = NULL; krb5_authdata ad, *list[2]; krb5_cammac cammac; krb5_verifier_mac kdc_verifier, svc_verifier; krb5_keyblock tgtkey; krb5_checksum kdc_cksum, svc_cksum; *cammac_out = NULL; memset(&tgtkey, 0, sizeof(tgtkey)); memset(&kdc_cksum, 0, sizeof(kdc_cksum)); memset(&svc_cksum, 0, sizeof(svc_cksum)); /* Checksum the reply with contents as authdata for the KDC verifier. */ ret = encode_kdcver_encpart(enc_tkt, contents, &der_enctkt); if (ret) goto cleanup; ret = krb5_c_make_checksum(context, 0, tgt_key, KRB5_KEYUSAGE_CAMMAC, der_enctkt, &kdc_cksum); if (ret) goto cleanup; kdc_verifier.princ = NULL; kdc_verifier.kvno = current_kvno(tgt); kdc_verifier.enctype = ENCTYPE_NULL; kdc_verifier.checksum = kdc_cksum; /* Encode the authdata and checksum it for the service verifier. */ ret = encode_krb5_authdata(contents, &der_authdata); if (ret) goto cleanup; ret = krb5_c_make_checksum(context, 0, server_key, KRB5_KEYUSAGE_CAMMAC, der_authdata, &svc_cksum); if (ret) goto cleanup; svc_verifier.princ = NULL; svc_verifier.kvno = 0; svc_verifier.enctype = ENCTYPE_NULL; svc_verifier.checksum = svc_cksum; cammac.elements = contents; cammac.kdc_verifier = &kdc_verifier; cammac.svc_verifier = &svc_verifier; cammac.other_verifiers = NULL; ret = encode_krb5_cammac(&cammac, &der_cammac); if (ret) goto cleanup; /* Wrap the encoded CAMMAC in an IF-RELEVANT container and return it as a * single-element authdata list. */ ad.ad_type = KRB5_AUTHDATA_CAMMAC; ad.length = der_cammac->length; ad.contents = (uint8_t *)der_cammac->data; list[0] = &ad; list[1] = NULL; ret = krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT, list, cammac_out); cleanup: krb5_free_data(context, der_enctkt); krb5_free_data(context, der_authdata); krb5_free_data(context, der_cammac); krb5_free_keyblock_contents(context, &tgtkey); krb5_free_checksum_contents(context, &kdc_cksum); krb5_free_checksum_contents(context, &svc_cksum); return ret; } /* * Return true if cammac's KDC verifier is valid for enc_tkt, using tgt to * retrieve the TGT key indicated by the verifier. tgt_key must be the * decrypted first key data entry in tgt. */ krb5_boolean cammac_check_kdcver(krb5_context context, krb5_cammac *cammac, krb5_enc_tkt_part *enc_tkt, krb5_db_entry *tgt, krb5_keyblock *tgt_key) { krb5_verifier_mac *ver = cammac->kdc_verifier; krb5_key_data *kd; krb5_keyblock tgtkey, *key; krb5_boolean valid = FALSE; krb5_data *der_enctkt = NULL; memset(&tgtkey, 0, sizeof(tgtkey)); if (ver == NULL) goto cleanup; /* Fetch the krbtgt key indicated by the KDC verifier. Only allow the * first krbtgt key of the specified kvno. */ if (ver->kvno == current_kvno(tgt)) { key = tgt_key; } else { if (krb5_dbe_find_enctype(context, tgt, -1, -1, ver->kvno, &kd) != 0) goto cleanup; if (krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL) != 0) goto cleanup; key = &tgtkey; } if (ver->enctype != ENCTYPE_NULL && tgtkey.enctype != ver->enctype) goto cleanup; /* Verify the checksum over the DER-encoded enc_tkt with the CAMMAC * elements as authdata. */ if (encode_kdcver_encpart(enc_tkt, cammac->elements, &der_enctkt) != 0) goto cleanup; (void)krb5_c_verify_checksum(context, key, KRB5_KEYUSAGE_CAMMAC, der_enctkt, &ver->checksum, &valid); cleanup: krb5_free_keyblock_contents(context, &tgtkey); krb5_free_data(context, der_enctkt); return valid; }